FVFelix Voigtinfelix-voigt.de00Part 1: Pin-based Attacks on 802.11 (Legacy & WPS)3h ago · 7 min read · 1. Executive Summary It must be stated upfront that in contemporary red teaming engagements, Wi-Fi Protected Setup (WPS) is largely considered a dead attack vector. The Wi-Fi Alliance has deprecated PJoin discussion
FVFelix Voigtinfelix-voigt.de00Part 4: WPA2/3-Mixed Mode (Downgrade & Rogue Access Point)3h ago · 9 min read · 1. Executive Summary Although WPA3 effectively mitigates the offline dictionary attacks that troubled its predecessor, modern enterprise and home network infrastructures still rely on backward compatiJoin discussion
FVFelix Voigtinfelix-voigt.de00Part 2: WPA2 PMKID (Silent & Clientless Attacks)3h ago · 9 min read · 1. Executive Summary The PMKID attack represents a significant paradigm shift in 802.11 wireless network exploitation. This vector exploits a historical implementation flaw in the IEEE 802.11i Robust Join discussion
EEEmma Engströminpentesting-dvwa.hashnode.dev00DOM-Based XSS in DVWA 5d ago · 14 min read · Introduction This post examines a DOM-based cross-site scripting (XSS) vulnerability in the Damn Vulnerable Web Application (DVWA) and demonstrates how it can be exploited to achieve client-side code Join discussion
EEEmma Engströminpentesting-dvwa.hashnode.dev00Stored XSS in DVWAMar 25 · 12 min read · Introduction This post examines a Stored Cross-Site Scripting (XSS) vulnerability in the Damn Vulnerable Web Application (DVWA), and demonstrates how it can be used to achieve persistent client-side cJoin discussion
EEEmma Engströminpentesting-dvwa.hashnode.dev00Reflected XSS in DVWAMar 19 · 14 min read · Introduction This post demonstrates how a reflected Cross-Site Scripting (XSS) vulnerability in the Damn Vulnerable Web Application (DVWA) can be exploited to execute malicious client-side scripts in Join discussion
ASaviral srivastavainaviraxroot.hashnode.dev00I Found a SQL Injection in an AI Agent. It Taught Me That We Broke the First Rule of Database Security.Mar 16 · 13 min read · I was two hours into auditing AnythingLLM when I stopped scrolling and stared at my screen for a good ten seconds. Not because the code was complex. Because it was the opposite. javascript getTableSchJoin discussion
EEEmma Engströminpentesting-dvwa.hashnode.dev00File Upload in DVWAMar 12 · 15 min read · Introduction This post demonstrates how a file upload vulnerability in the Damn Vulnerable Web Application (DVWA) can be exploited to achieve remote code execution. The objective of the attack is to uJoin discussion
EEEmma Engströminpentesting-dvwa.hashnode.dev00Brute Force in DVWAMar 8 · 16 min read · Introduction This post explores the brute-force vulnerability in the Damn Vulnerable Web Application (DVWA). The objective of the attack is to gain unauthorised access to the application by discoverinJoin discussion
WBWiktoria Blomgren Strandberginpentesting-dvwa.hashnode.dev00SQL Injection in DVWAMar 6 · 17 min read · 1 Introduction In this post, the SQL Injection vulnerability in the Damn Vulnerable Web Application (DVWA) is described. The objective for attacks on all levels is to extract user login credentials. Join discussion
